Releases: wolfSSL/wolfBoot
Releases · wolfSSL/wolfBoot
wolfBoot v2.3.0
ChangeLog
- New hardware targets
- New architecture: ARM Cortex-A 32 bit
- Add support for Microchip ATSAMA5D3
- Add support for Nordic nRF5340
- Add support for Infineon AURIX TriCore TCxxx
- Add support for 32-bit simulator target
- Improvements to supported targets
- Support for building HAB for i.MX-RT targets, fixed flash interaction, dcache invalidation
- Fixes for Renesas RX: full flash erase, IRQ on boot, flash write
- Raspberry Pi: add UART support
- STM32: refactoring of the PKCS11 storage driver
- Fixes for Xilinx Zynq+ build options
- New features
- Support for multiple key types in the same keystore
- New algorithm: ML-DSA
- Hybrid authentication (using one PQC in combination with ECC/RSA)
- Full assembly optimizations for ARM targets, including SHA, AES, Chacha (ARMASM)
- Benchmark scripts for performance testing
- Unit test coverage drastically increased
- Bug fixes
- Fix multiple type-punned pointer dereferences
- Fix for TPM to properly support more than one PCR
- Fixed order of digests in the header: public key digest is now signed
- Updated modules
- wolfSSL v5.7.4
- wolfTPM latest
- wolfPKCS11 latest
wolfBoot v2.2.0
ChangeLog
- New hardware targets
- Add STM32H5 port with support for Dual-bank, OTP, TrustZone-M
- Add native support for Renesas RX family, using gcc toolchain
- Improvements to supported targets
- NXP i.MX-RT:
- New flash geometry configurations
- Support for LPUART4
- Add port for RT1061
- Disable DCACHE upon flash access
- Support for building with HAB
- STM32:
- Refactoring of TrustZone-M support
- OTP driver for STM32H5/H7
- Full firmware update demo on STM32H5
- Add support for QSPI in STM32U5
- Renesas RZ:
- Add support for RSIP
- x86-64 (FSP):
- Improve x86-64 specific code, add features
- Clean-up and re-arrange scripts for qemu demo
- NXP i.MX-RT:
- Post-quantum crypto
- LMS and XMSS support now using native wolfCrypt implementation
- Tools improvements
- Keystore: now supports .der ECC key via
--der - Add
otp_primerfirmware, to provision keystores in OTP - Add
otp_gentool to provide a pre-assembled keystore to flash into OTP
- Keystore: now supports .der ECC key via
- Bug fixes
- Fix regression in x86-EFI builds
- Fix setting
VTOR_NSwhen staging a non-secure app/os from TrustZone - Fix delta updates: patches with invalid base versions were not discarded
- Fix potential array bound overflow in
NVM_FLASH_WRITEONCEmode - Fix dereferencing type-punned pointer in flash update
wolfBoot v2.1.0
Changelog
- New features
- Custom TLVs in manifest header for custom authenticated options
- Bug fixes and improvements:
- DUALBANK: fork bootloader only once
- Improved
NO_BACKUPmode, DISABLE BACKUP mode is now powerfail-safe - Fault-injection mitigation: added clobbers to assembly code
- Post-quantum algorithms: fixed build issue with conflicting wolfCrypt version
- New signature verification algorithm:
- Added support for ECC521
- New hardware targets:
- Microchip ATSAM-E51, including DUALBANK support
- Renesas RZN2L
- NXP i.MX-RT1040
- NXP MCXA-153
- Improved support to existing targets:
- Build fixes for TI-Hercules
- Improved support for Integrity OS on NXP T1024
- wolfTPM integration
- Fixes in sealing/unsealing mechanism
- Updated modules
- wolfSSL v5.7.0
- wolfPKCS11 v1.3.0
- wolfTPM v3.2.0
wolfBoot v2.0.2
Changelog
- Fixed bug in sign tool when using ECC keys
- Improved documentation
- Added customizable DCD for NXP targets
wolfBoot v2.0.0
Release Notes
- New feature: post-quantum stateful hash-based signature schemes.
- Support for LMS/HSS
- Support for XMSS/XMSS^MT
- New feature: PKCS11 engine in TrustZone-M secure mode
- wolfBoot as secure-mode supervisor on ARMv8-M
- New TPM features
- TPM NV as root of trust
- Password-based access to NV slots
- Measured boot via PCR extensions
- Sealing/unsealing NV based on externally signed PCR policy and/or password
- New architecture: x86-64bit using FSP
- Intel FSP support
- Integration with TPM
- Two-stages model with support for PCI enumeration, AHCI drivers, SATA lock mechanism
- Multiboot2/ELF payload support
- New hardware targets
- Intel TigerLake in FSP mode
- STM32C0
- Bug fixing: core
- Fixed several bugs in
NVM_FLASH_WRITEONCEmode - Fixed bugs in delta updates
- Fixed several bugs in
- Improved support to existing targets
- Fixed issues in TSIP project
- Improved support for NXP QoriQ/p1021
- Improved support for NXP T1084
- Reworked SPI support for NXP RT1050
- STM32L4: Fixed clock speed
- ARMv7-m: improved assembly support for Cortex-M4
- ARMv8-m: enabled assembly optimizations by default
- Reworked keytools and build environment
- Improved build experience for MacOS users
- Fix for building in windows/minGW
- Deprecated python keytools
- Keytools: support multiple key formats, don't assume raw keys
- Fixed bug in delta image generation
- Keystore improvements: support multiple key format in the same keystore
- Testing
- Added new sets of power-failure automated tests on simulator target
- Simulator: tests can now run on MacOS
- Unit tests: improved coverage. Added gcov reports
- Static analysis: added cppcheck tests, fixed all relevant warnings
wolfBoot v1.16
ChangeLog
- New formats supported
- Added ELF/ELF64 loader
- Extended support for NXP P1021
- eSPI support to access TPM
- TPM root of trust
- fixes to eLBC NAND driver
- Improvements on PowerPC architecture
- fixed PIC execution
- support booting from RAM
- refactor of
update_ram.clogic - moved wolfBoot stack to DDR after DDR initialization
- Rework of Renesas examples, adding HSM support
- RA6M4 example project using SCE
- RA72N example project using TSIP
- Extended documentation
- Bug fix: fix wrong partition selection with
NVM_FLASH_WRITEONCEintroduced in v.1.15 - Testing: added test cases (delta + encrypt)
- Documentation: fixed several spelling errors
wolfBoot v1.15
ChangeLog
- Refactor powerfail-safe update for NVMs without consecutive write operations
- Support for SP math on AARCH64 targets
- Fixed keygen.c exported public key size
- Added more test cases and github actions
- Updated wolfSSL to v.5.6.0
- Hardware support:
- OCTOSPI support (STM32)
- Fixed STM32H7 UART, added UART debug
- New HAL: Renesas RA6M4 (with IDE example projects)
- New HAL: NXP i.MX-RT1064
- Unified common code for NXP i.MX-RT10XX targets
wolfBoot v1.14
Changelog
- Added support for CMake build
- STM32U5: Support for external flash
- STM32H7: Support for QSPI flash
- Support for NXP QoriQ P1021
- Cleanups and improvements for DEOS support on t2080
- Docker tests: refactoring
- Github Actions: added build checks for most available configurations
- Updated wolfTPM to v.2.7.0
- Updated wolfCrypt to wolfSSL v.5.5.4
wolfBoot v1.13
Changelog
- Fixed IAR sign script
- Added support for encrypted self-update
- Support for NAII 68PPC2 with NXP T2080 on DEOS
- Fixed Xilinx QSPI support
- Fixed API usage in external flash support for SPI/UART
- Fixed bug in encrypted delta updates
- Updated wolfCrypt to wolfSSL submodule v5.5.3
wolfBoot v1.12
Changelog
- Encrypted delta updates
- Support RSA3072 signature verification
- Partition ID support to include custom additional images
- New format to store multiple public keys, using keystore
- Several fixes to keytools and IDE support
- Added new test cases
- Hardware support
- New HAL: Simulated target for rapid tests